Read this online at 
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The 
release files for the patch versions are available for download on the ClamAV 
downloads page<https://www.clamav.net/downloads>, on the GitHub Release 
page<https://github.com/Cisco-Talos/clamav/releases>, and through Docker 
Hub<https://hub.docker.com/r/clamav/clamav/>. The images on Docker Hub may not 
be immediately available on release day. Continue reading to learn what changed 
in each version.

1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:

  *   
CVE-2025-20128<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128>: 
Fixed a possible buffer overflow read bug in the OLE2 file parser that could 
cause a denial-of-service (DoS) condition.

This issue was introduced in version 1.0.0 and affects all currently supported 
versions. It will be fixed in: 1.4.2 and 1.0.8

Thank you to OSS-Fuzz for identifying this issue.


1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:

  *   
CVE-2025-20128<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128>: 
Fixed a possible buffer overflow read bug in the OLE2 file parser that could 
cause a denial-of-service (DoS) condition.

This issue was introduced in version 1.0.0 and affects all currently supported 
versions. It will be fixed in: 1.4.2 and 1.0.8

Thank you to OSS-Fuzz for identifying this issue.

  *   ClamOnAcc: Fixed an infinite loop when a watched directory does not 
exist. This is a backport of a fix from ClamAV 1.3.0.
     *   GitHub pull request<https://github.com/Cisco-Talos/clamav/pull/1426>





Micah Snyder (they/them)
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Reply via email to